Running CGIs under my uid - going slowly insane.

[Jonathan Hogg]

On 1/2/2002 9:37, in article 4b4c5d99.0202010136.8e6ff51 at posting.google.com,
"pawn" <NOSpawnPAM at lightspawn.org> wrote:

> I need my Python CGIs to run scripts under my own uid, since they read
> and update .html files which are core to the site.
> 
[...]
> 
> * Switch back to perl which respects 04755 permissions.

I don't think the lack of respect for setuid permissions is anything to do
with Python I'm afraid. Quick test on my machine:

-----
% cat > test.py
#! /usr/bin/python

import os

print os.geteuid(), os.getegid()
^D
% chmod 755 test.py
% ./test.py
501 20
% sudo chown 71:71 test.py
% ./test.py 
501 20
% sudo chmod 4775 test.py
% ./test.py 
71 20
% sudo chmod 6775 test.py
% ./test.py 
71 71
-----

Are you sure the scripts aren't running as you? How are you testing this?

Note that setting an executable's setuid bit will change the "effective" uid
of the resulting process, not the uid (see 'os.get*e*uid()' above). This
means that the process may use that user's permissions.

The webserver doesn't contain a Python interpreter does it? Perhaps it's
directly executing the scripts instead of 'exec'ing them?

Jonathan